npm package discovery and stats viewer.

© 2024 – Pkg Stats / Ryan Hefner

user-is

v0.0.1

Published

Role-based authentication

Downloads

7

Readme

node-user-is

Simple role-based authorization library that makes no assumptions.

Installation

$ npm install user-is

Quickstart

var UserIs = require('user-is')

// Define what it means to have your given roles.  Here we have a role called 'admin'.
var roleFuncs = {
  'admin': function isAdmin(user, cb) {
    cb(null, user && user.isAdmin)
  }
}

// Name the actions you care about, and state what roles are needed for them
var actionDefs = {
  'add new user': ['admin']
, 'do something else': ['admin', 'user']
}

// Get your authorization instance
var authorization = UserIs(roleFuncs, actionDefs)

// Find out if a given user has a certain role
var user = {} //... You've somehow retrieved this already
var userIs = authorization(user)

if (userIs.a('admin')) {
  // user is an 'admin', so do something with that
}

// Find out if a user can perform a certain action
if (userIs.ableTo('add new user')) {
  // user can do that action, so do something with that
}

Do you use Express?

Or some other routing layer that uses function(req, res, next)-style functions for a middleware layer? user-is has you covered.

// How do you extract the user from a request?
function retrieveUserFromRequest(req, cb) {   // <---- async in case you need to go to the DB or something
  cb(null, req.user)
}

var options = {
  retrieveUserFromRequest: retrieveUserFromRequest
}

// reusing our definitions from above
var authorization = require('user-is')(roleFuncs, actionDefs, options)

// Now, wherever you have your routes
var router = require('express').Router()

router.route('/add_new_user')
  .post(authorization.ensureAuthorizedTo('add new user'))

What happens in the middleware if users aren't authorized

user-is will pass an Error object down the middleware chain. The error will have a code member whose value depends on what the error is.

  • Not authorized: 'E_NOTAUTHORIZED'
  • User not found in the request: 'E_USERNOTFOUND'

These error codes are accessible directly off the user-is module, e.g.:

UserIs.notAuthorizedErrorCode

So you'd want to also have an error-handling middleware for each possibility, e.g.:

function notAuthorizedError(err, req, res, next) {
  if (err.code !== UserIs.notAuthorizedErrorCode) return next(err)

  res.status(403).send('You are not authorized to do that!')
}

router.route('/add_new_user')
  .post(authorization.ensureAuthorizedTo('add new user'), actualHandler, notAuthorizedError)
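
One way to handle every user-is error code in a single error-handling middleware, as an added example that is not part of the user-is README. The code strings are the ones this README lists ('E_MISSINGDEFINITION' is described under "Other options"); the handler name, the status mapping, the response bodies and the stub response object are assumptions made for illustration.

```javascript
// Added example: one Express-style error handler for the user-is error codes.
// The code strings come from the README; everything else is illustrative.
const AUTHZ_ERRORS = {
  E_NOTAUTHORIZED:     { status: 403, body: 'You are not authorized to do that!' },
  E_USERNOTFOUND:      { status: 401, body: 'Authentication required.' },
  // A role or action name that was never defined is a server-side bug,
  // so answer 500 rather than telling the client which name was missing.
  E_MISSINGDEFINITION: { status: 500, body: 'Internal server error.' }
}

function makeAuthzErrorHandler(log) {
  return function authzErrorHandler(err, req, res, next) {
    // hasOwnProperty keeps codes such as 'constructor' from matching by accident.
    const known = err && Object.prototype.hasOwnProperty.call(AUTHZ_ERRORS, err.code)
    if (!known) return next(err)          // not ours: leave it to other handlers

    const outcome = AUTHZ_ERRORS[err.code]
    // Record every denial server-side; keep the response body generic.
    log({ code: err.code, method: req.method, path: req.path, status: outcome.status })
    res.status(outcome.status).send(outcome.body)
  }
}

// Constructed stand-in for an Express response, so this runs without Express.
function fakeResponse() {
  return {
    statusCode: null, body: null,
    status(code) { this.statusCode = code; return this },
    send(body) { this.body = body; return this }
  }
}

// Run the handler once against a constructed error and request.
function simulate(code) {
  const entries = []
  const res = fakeResponse()
  let passedOn = null
  const err = Object.assign(new Error('constructed'), { code })
  makeAuthzErrorHandler(e => entries.push(e))(
    err, { method: 'POST', path: '/add_new_user' }, res, e => { passedOn = e })
  return { status: res.statusCode, logged: entries.length, passedOn: passedOn !== null }
}
```

Registered once after the routes, a handler like this replaces a separate error middleware per code and leaves unrelated errors for the application's general error handler.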

Other options

The module returns a function with the following signature:

function UserIs(roleFuncs, actionDefinitions, options)

You've already seen the option for how to transform a request into a user object. There is another option though.

If you ask a question about a role or action that you haven't defined, by default, user-is will introduce an error with code 'E_MISSINGDEFINITION'. This error is also accessible directly off the module:

UserIs.missingDefinitionErrorCode

If you'd rather it just return false in your checks, use the following option:

  var options = {
    // false: checks on undefined roles/actions return false instead of raising E_MISSINGDEFINITION
    errorOnMissingDefinitions: false
  }

  var authorization = UserIs(roleFuncs, actionDefs, options)

  var userIs = authorization.forUser(/*some user object*/)

  userIs.a('role I have not mentioned before', function(err, isRole) {
    // isRole is now false
  })
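
With missing-definition errors switched off, a misspelled role name no longer announces itself, so it helps to check the two definition objects at startup. The following is an added example, not part of user-is: `lintDefinitions` is a hypothetical helper, and the sample objects repeat the Quickstart definitions, where 'user' is listed for an action but has no role function.

```javascript
// Added example: lint user-is style definitions before handing them to the library.
// lintDefinitions is a hypothetical helper, not part of the user-is API.
function lintDefinitions(roleFuncs, actionDefs) {
  const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key)
  const problems = []

  for (const role of Object.keys(roleFuncs)) {
    if (typeof roleFuncs[role] !== 'function') {
      problems.push({ kind: 'role-not-a-function', role })
    }
  }

  const used = new Set()
  for (const action of Object.keys(actionDefs)) {
    const roles = actionDefs[action]
    if (!Array.isArray(roles) || roles.length === 0) {
      // An action with no roles has no stated access rule at all.
      problems.push({ kind: 'action-without-roles', action })
      continue
    }
    for (const role of roles) {
      used.add(role)
      if (!has(roleFuncs, role)) {
        problems.push({ kind: 'undefined-role', action, role })
      }
    }
  }

  // Roles nobody references are often the other half of a typo.
  for (const role of Object.keys(roleFuncs)) {
    if (!used.has(role)) problems.push({ kind: 'unused-role', role })
  }
  return problems
}

// The Quickstart definitions from this README.
const sampleRoleFuncs = {
  'admin': function isAdmin(user, cb) { cb(null, user && user.isAdmin) }
}
const sampleActionDefs = {
  'add new user': ['admin'],
  'do something else': ['admin', 'user']
}

const sampleProblems = lintDefinitions(sampleRoleFuncs, sampleActionDefs)
// sampleProblems -> [{ kind: 'undefined-role', action: 'do something else', role: 'user' }]
```

Failing application startup when the returned list is non-empty catches these mistakes before any request is authorized against them.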

Tests

./node_modules/mocha/bin/mocha test/theTests.js

Want to contribute?

Fork this repo, make your change, and submit a pull request. It's worth checking the issues first to see if someone else has reported the issue. If you're unsure if a given feature is desired, open up an issue on it, and let's discuss!

Acknowledgements

A big thanks to the fine folks who wrote authorized. Your library heavily inspired this one.

License

MIT